Hello,
After running something I definitely should not have run, I found myself with conhost.exe infiltrating my Task Manager. Using Windows Process Manager to see some of the things it was doing, I saw constant activity of things like this:
High Resolution Date & Time: 8/26/2016 3:17:45.0649988 PM
Event Class: Process
Operation: Process Start
Result: SUCCESS
Path:
TID: 121704
Duration: 0.0000000
Parent PID: 81752
Command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Current directory: C:\Windows
Environment:
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\HomeDipo\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP-1E54JDC
ComSpec=C:\Windows\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Users\HomeDipo
LOCALAPPDATA=C:\Users\HomeDipo\AppData\Local
LOGONSERVER=\\MicrosoftAccount
NUMBER_OF_PROCESSORS=8
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 94 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=5e03
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PSModulePath=%ProgramFiles%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files\Intel\
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\HomeDipo\AppData\Local\Temp
TMP=C:\Users\HomeDipo\AppData\Local\Temp
USERDOMAIN=DESKTOP-1E54JDC
USERDOMAIN_ROAMINGPROFILE=DESKTOP-1E54JDC
USERNAME=HomeDipo
USERPROFILE=C:\Users\HomeDipo
windir=C:\Windows
I have attached an image with much more on its activities.
My predicament is removing it. I believe this virus has messed with registry files, and I have not yet restarted my PC as that would only further disperse the virus. I've spent hours trying to figure this out, but to no avail. I just can't stand the idea of this virus doing whatever it wants in the background.
I have also been led to believe the virus uses a false csrss.exe, as it is also running constantly in the background and Task Manager shows 2 services, but both services are from SYSTEM. To my knowledge it is not normal for more than one service to be open by a single user.
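The check a responder would run first on this kind of report is to enumerate every conhost.exe and csrss.exe, resolve the parent of each, and confirm the image on disk lives in System32 and carries a valid Microsoft Authenticode signature. The script below is an added example written for this thread, not code from the original post; it uses only the built-in Win32_Process CIM class and Get-AuthenticodeSignature, and it should be run from an elevated PowerShell prompt because the ExecutablePath of csrss.exe is not exposed to non-elevated queries.

```powershell
# Added example, not from the original post. Lists every running conhost.exe and
# csrss.exe, resolves the parent process, and flags any instance whose image is
# not under %SystemRoot%\System32 or is not validly signed by Microsoft.
# Run elevated: csrss.exe's ExecutablePath is hidden from non-elevated callers.

$system32 = Join-Path $env:SystemRoot 'System32'
$targets  = @('conhost.exe', 'csrss.exe')

# One snapshot of the process table, indexed by PID so parents resolve quickly.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$rows = foreach ($proc in ($all | Where-Object { $targets -contains $_.Name.ToLower() })) {
    $parent    = $byPid[[int]$proc.ParentProcessId]
    $path      = $proc.ExecutablePath
    $pathOk    = $false
    $sigStatus = 'n/a'
    $signer    = 'n/a'

    if ($path) {
        # Legitimate copies of both binaries live in System32.
        $pathOk = $path.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)
        # Verify the Authenticode signature of the on-disk image.
        $sig       = Get-AuthenticodeSignature -FilePath $path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    $sigOk = ($sigStatus -eq 'Valid') -and ($signer -like '*Microsoft*')

    [pscustomobject]@{
        Name        = $proc.Name
        PID         = $proc.ProcessId
        ParentPID   = $proc.ParentProcessId
        ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
        Path        = if ($path) { $path } else { '<unavailable>' }
        Signature   = $sigStatus
        Suspicious  = -not ($pathOk -and $sigOk)
        CommandLine = $proc.CommandLine
    }
}

$rows | Sort-Object Name, PID | Format-Table -AutoSize
```

Two things to keep in mind when reading the output. The parent of csrss.exe is smss.exe, which normally exits after spawning it, so `<exited>` is expected for csrss.exe; and because the signature check only looks at the image on disk, a process whose legitimate binary has had code injected into it will still show as not suspicious here, so a clean result narrows the question to the parent chain and the command line rather than settling it.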